Meta has been ordered by the Irish Data Protection Commission to pay a $101.6 million fine over its accidental storage of passwords from a subset of Facebook users in plaintext form, The Associated Press reports.
Passwords should never be kept in plaintext due to potential exploitation, according to Irish DPC Deputy Commissioner Graham Doyle. Meanwhile, Meta noted the prompt remediation of the security issue. "...[T]here is no evidence that these passwords were abused or accessed improperly. We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry," said the firm in a statement. Such a penalty for Meta comes after the company was fined a record $1.3 billion over GDPR privacy violations involving data transfers. Meta had also been ordered to pay €405 million and €5.5 million penalties for data violations involving its Instagram and WhatsApp apps, respectively.
